﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using Xxf.IISM.Core;

namespace System.Web.Mvc
{
    public class CustomAuthorizeAttribute: AuthorizeAttribute
    {
        /// <summary>
        /// 默认为0,设置为1只能超级管理员访问
        /// </summary>
        public int RoleLevle { get; set; }
        /// <summary>
        /// 自定义授权入口点
        /// </summary>
        /// <param name="httpContext"></param>
        /// <returns></returns>
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            if (httpContext.Session[AppConfig.UserSessionName] == null) return false;
            IUserInfo userInfo =(IUserInfo)httpContext.Session[AppConfig.UserSessionName];
            if (RoleLevle == 0) return true;//没有设置Lvl
            if (RoleLevle >= userInfo.RoleLevle) return true;
            return false;
        }
        /// <summary>
        /// 无权访问执行方法
        /// </summary>
        /// <param name="filterContext"></param>
        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
        {
            string returnUrl = System.Web.HttpUtility.UrlEncode(filterContext.HttpContext.Request.RawUrl);
            filterContext.Result = new RedirectResult("/Admin/Login?returnUrl="+returnUrl);
        }
    }
}